Please enable 2FA if you're involved with GitHub (at least the Mil-OSS organization on GitHub)


David A. Wheeler

Jan 28, 2023, 5:33:50 PM
to mil...@googlegroups.com
All:

If you are involved with the Mil-OSS organization hosted on GitHub,
or really doing anything on GitHub, *please* enable 2FA on your GitHub account soon.
At least use SMS, and ideally something better.
There are lots of TOTP solutions (Authy is one). You can also use hardware tokens
(I recommend adding multiple tokens, in case one breaks).

I realize that this can be a pain for some of those in restricted environments.
However, 2FA really does counter most password-based attacks.
GitHub is going to *require* 2FA for active developers at the end of 2023:
https://www.bleepingcomputer.com/news/security/github-to-require-2fa-from-active-developers-by-the-end-of-2023/
If nothing else, you could use one-time passwords as the second factor
when you're in a restricted environment.

I'd like to require 2FA on anyone in the mil-oss GitHub organization,
if that makes sense to the group. Anyone for or against?

--- David A. Wheeler
